Parse a Wireshark pcap file

Kevin Holleran kdawg44 at gmail.com
Tue Jan 22 22:26:00 EST 2013


I also found this:

http://code.google.com/p/py-greppcap/

Which I can leverage to do what I want but I also get that dnet error!


--
Kevin Holleran
Master of Science, Computer Information Systems
Grand Valley State University
Master of Business Administration
Western Michigan University
SANS GCFA, SANS GCFE, CCNA, ISA, MCSA, MCDST, MCP

"Do today what others won't, do tomorrow what others can't" - SEALFit

"We are what we repeatedly do. Excellence, then, is not an act, but a
habit." - Aristotle


On Tue, Jan 22, 2013 at 10:15 PM, Kevin Holleran <kdawg44 at gmail.com> wrote:

> Thanks, I have been trying to get it to work but I am on Mac OS 10.8.2.  I
> tried to get it from Macports and download/install it myself.  Both seem to
> get me to here:
>
> ImportError: No module named dnet
>
> I tried to download libdnet but no matter what I do this is what I get.
> Granted, I am doing:
>
> from scapy.all import *
>
>
> But I have no idea what I need.  I am not trying to craft packets but
> filter packets based on tcp.dstport 80 & frame matches signin.aspx.  Then
> my goal is to parse the data looking for post vars txtUserId & txtPwd and
> extract them, dumping them to the screen as userid_value => password.
>
>
> Thanks for your help.
>
>
> On Tue, Jan 22, 2013 at 10:03 PM, Dave Angel <d at davea.name> wrote:
>
>> On 01/22/2013 08:32 PM, Kevin Holleran wrote:
>>
>>> Is there a way to parse out a wireshark pcap file and extract key value
>>> pairs from the data?  I am illustrating a sniff of some traffic and why it
>>> needs to utilize HTTPS instead of HTTP but I was hoping to run the pcap
>>> through a python script and just output some interesting key value
>>> pairs....
>>>
>>>
>> Sure.  scapy can create and/or parse pcap files.
>>
>> http://pypi.python.org/pypi/Scapy
>>
>>
>> --
>> DaveA
>
>